<?php
session_start();
$pass='';
$user='';
if (isset($_SESSION['user']))
{
	$pass= $_REQUEST["pass"];
	$user= $_SESSION["user"];
}


?>
<html>
<form name="Data" method="post" action="check_login.php">	
	<input type="hidden" name="pass" id="pass" value="<?=$pass?>" />
	<input type="hidden" name="user" id="user" value="<?=$user?>" />
</html>

<?
$host="PC-92"; //Sets database host address
$username="home_electronics"; //Sets database username
$password="home_electronics"; //Sets database password
$db_name="home_e"; //Sets database name
$tbl_name="user"; //Sets the table to be used


mysql_connect("$host", "$username", "$password")or die("cannot connect"); //Connects to mysql
mysql_select_db("$db_name")or die("cannot select DB"); //Selects the database to be used



//if its a new user and changed the password update it and return to main login
if ($pass!='')
{
	//Encrypt the password with salt to store it
	$new_pass = crypt(md5($pass),md5($user));
	$sql="UPDATE user set password='$new_pass' WHERE user_name='$user'"; //update the password
	$result=mysql_query($sql);
	echo	"<script>alert('Password Changed!');</script>";
	//session_destroy();	
	?><script>	//window.location = '../main_login.php';</script><? 
}
else
{	
	$myusername=$_POST['myusername']; //Gets username from input
	$mypassword=$_POST['mypassword']; //Gets password from input
	$_SESSION["user"]= $myusername;
	


	$mypassclean=$mypassword;
	//Encrypt the password with the same salt to compare it
	$mypassword = crypt(md5($mypassword),md5($myusername));

	$sql="SELECT * FROM $tbl_name WHERE user_name='$myusername' and password='$mypassword'"; //Searches database for user/pass
	$result=mysql_query($sql); //Stores result from query
	$count=mysql_num_rows($result); //Sets count to number of results
	$row=mysql_fetch_array($result); //Gets the array details from query


	if($count==1) { //If 1 result is found it continues
		
	//	session_register('myusername');  //Registers variables to be used during session
	//	session_register('mypassword');  //Registers variables to be used during session
			
		$_SESSION["valid_id"]	= $row['user_id']; 	//Set user variables
		$_SESSION["name"]		= $myusername;				//Set user variables
		$_SESSION["valid_user"] = $row['user_type'];	//Set user variables
		$_SESSION["valid_time"] = time();			//Set user variables
		
		//Saves Login Log
		$UserId	= $row['user_id'];
		$UserIp	= $_SERVER["REMOTE_ADDR"];
		
		$query = "CALL Add_Log('User Login',$UserId,'$UserIp')";
		$result= mysql_query($query);
		
		if($row['user_type']==1) {
		?><script>	window.location = '../admin_login.php';</script><? 		
		}
		else if($row['user_type']==0) {
		?><script>	window.location = '../user_login.php';</script><? 
		}
	}
		else{ //More than 1 or no result found returns to main login
			//check clean password for new user and ask for new pass
			$sql="SELECT * FROM $tbl_name WHERE user_name='$myusername' and password='$mypassclean'"; //Searches database for user/pass
			$result=mysql_query($sql); //Stores result from query
			$count=mysql_num_rows($result); //Sets count to number of results
			if($count==1)
			{
				$new_pass = '<script>document.Data.pass.value=prompt("Please enter your new Password","New User");</script>';
				echo($new_pass);
//				die('asd');
				echo '<script>document.Data.submit();</script>';
						
			}
			else
			{
				session_destroy();	
				echo	"<script>alert('User or Password Invalid!');</script>";
				?><script>	window.location = '../main_login.php';</script><? 
			}
		}
}
?>